We present several techniques for automatically reducing memories in RTL designs. This includes a new memory abstraction algorithm that allows us to greatly reduce the size of memories and a technique based on-term rewriting that further improves the abstraction. In contrast to previously proposed methods for abstracting memories of RTL designs, our methods are general—e.g., they allow us to arbitrarily and directly compare memories—and they are sound and complete—e.g., there are no false positives or negatives. In addition, the combination of our techniques allows us to automatically verify RTL pipelined machine designs beyond the reach of current state-of-the-art methods, as our experimental results show. 1.

We describe our integration of the Yices SMT solver into the Isabelle theorem prover. This integration allows users to take advantage of the powerful SMT solving techniques within the interactive theorem proving environment of Isabelle, considerably increasing the automation level for a significant subset of Isabelle/HOL. 1.

Abstract. We describe an approach to verifying bit-level pipelined machine models using a combination of deductive reasoning and decision procedures. While theorem proving systems such as ACL2 have been used to verify bit-level designs, they typically require extensive expert user support. Decision procedures such as those implemented in UCLID can be used to automatically and efficiently verify term-level pipelined machine models, but these models use numerous abstractions, implement a subset of the instruction set, and are far from executable. We show that by integrating UCLID with the ACL2 theorem proving system, we can use ACL2 to reduce the proof that an executable, bit-level machine refines its instruction set architecture to a proof that a term-level abstraction of the bit-level machine refines the instruction set architecture, which is then handled automatically by UCLID. We demonstrate the efficiency of our approach by applying it to verify a complex seven stage bit-level interface pipelined machine model that implements 593 instructions and has features such as branch prediction, exceptions, and predicated instruction execution. Such a proof is not possible using UCLID and would require prohibitively more effort using just ACL2.

Abstract. Building verified computing systems such as a verified compiler or operating system will require both software and hardware verification. How can we decompose such verification efforts into mostly separate tasks, one involving hardware and the other software? What theorems should we prove? What specification languages should we use? What tools should we build? To what extent can the process be automated? We address these issues, using as a running example our recent and on-going work on refinement-based pipelined machine verification. 1